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Top Stories 

• The U.S. Securities and Exchange Commission announced charges and asset freezes 
against Calabasas, California-based Nationwide Automated Systems, its owner, and a 
company officer for allegedly defrauding investors by running a $123 million Ponzi 
scheme. - U.S. Securities and Exchange Commission (See item 3) 

• Five teachers and 149 students were sent to area hospitals as a precaution while Yonkers 
Middle School in New York was evacuated due to an unknown noxious substance October 
8. - Lower Hudson Valley Journal News (See item 18) 

• North Dakota State College of Science officials reported that the personal information, 
including Social Security numbers, of more than 15,000 current and former students and 
employees may have been compromised in a data breach. - KVLY 11 Fargo (See item 19) 

• AT&T reached a $105 million settlement October 8 with federal and State authorities to 
resolve complaints that it made millions of dollars through unauthorized third-party 
charges on customers’ cellular-phone bills. - IDG News Service (See item 30) 
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Energy Sector 



1. October 8, Associated Press - (North Dakota) ND regulators approve 197-mile long 
oil pipeline; project will cost $55M. A $55 million project to convert a 197-mile long 
oil gathering line into a transmission pipeline was approved October 8 by the North 
Dakota Public Service Commission. The pipeline will link crude oil gathering systems 
to larger pipelines and rail networks with a maximum capacity of 65,000 barrels per 
day. 

Source: 

http://www.tribtown.com/view/story/561884e0bab24450974d9eecd57a99fb/ND— 

Pipeline-Approval 

For another story, see item 28 
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Chemical Industry Sector 

See item 28 
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Nuclear Reactors, Materials, and Waste Sector 

Nothing to report 
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Critical Manufacturing Sector 

See item 28 
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Defense Industrial Base Sector 

Nothing to report 
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Financial Services Sector 

2. October 9, Softpedia - (International) Flaw in PayPal authentication process allows 
access to blocked accounts. A researcher with Vulnerability Laboratory identified and 
reported a flaw in the mobile authentication process for PayPal that can allow an 
attacker to attempt to input passwords an unlimited number of times without causing 
the account to be locked. The issue reported in March 2013 affects the iOS mobile app 
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for PayPal and a fix is not currently available. 

Source: http://news.softpedia.com/news/Flaw-in-PayPal-Authentication-Process- 
Allows-Access-To-Blocked-Accounts-461622.shtml 



3. October 8, U.S. Securities and Exchange Commission - (California) SEC shuts down 
$123 million ATM Ponzi scheme in California. The U.S. Securities and Exchange 
Commission announced charges and asset freezes against Calabasas-based Nationwide 
Automated Systems, its owner, and a company officer for allegedly defrauding 
investors by running a $123 million Ponzi scheme that purported to offer investments 
in ATMs the company did not own. 

Source: http ://w w w. sec. go v/litigation/litreleases/20 1 4/lr23 1 06 .htm 

4. October 8, Associated Press - (Virginia) Fredericksburg man charged with 
investment fraud. A Fredericksburg man was charged October 8 for allegedly 
defrauding investors of over $9 million invested in the development of the Quantico 
Corporate Center in Stafford County. 

Source: http://www.wusa9.com/storv/news/local/virginia/2014/10/08/investment-fraud- 
virginia-iames-moncure/1 69256 13/ 

5. October 8, Softpedia - (International) ATM programmer’s reference manual leaked 
online. F-Secure researchers found a document online using the Baidu search engine 
that contains API documentation for ATM cashpoints manufactured by NCR 
Corporation during an investigation into ATM malware. The programming reference 
materials could be used by attackers to inform their development of ATM malware. 
Source: http://news.softpedia.com/news/ATM-Programmer-s-Reference-Manual- 
Feaked-Online-46 1483 . shtml 
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Transportation Systems Sector 

6. October 9, Fort Myers News-Press - (Florida) Delta flight from Fort Myers to 
Atlanta makes emergency landing. A Delta flight en route to Atlanta made an 
emergency landing in Orlando shortly after departing from Southwest Florida 
International due to a mechanical issue. The plane was safely towed to the gate for 
inspection and passengers were placed on other flights. 

Source: http://www.news-press.com/story/news/local/2014/10/09/delta-flight-from- 
rsw-to-atlanta-makes-emergency-landing-in-orlando/l 6959609/ 

7. October 8, WVEC 13 Hampton - (Virginia) Driver charged in MMMBT accident. 
Northbound lanes of Interstate 664 in Newport News were closed for 2 hours October 8 
following an accident involving a box truck that struck a car and ran off the road, 
striking the jersey wall which caused a sign to rip the top of the truck and spill debris 
across the roadway. 

Source: http://www.13newsnow.com/story/news/local/2014/10/08/tractor-trailer- 
mmbt/1 69 16661/ 
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8. October 7, KTXL 40 Sacramento - (California) Entire fleet of S-2T Cal Fire tankers 
grounded after Yosemite crash. Cal Fire announced October 7 that all 23 S-2T 
firefighting tanker planes are grounded for inspection following a fatal crash of a tanker 
near Yosemite, California. 

Source: http://fox40.com/2014/10/07/entire-fleet-of-s-2t-cal-fire-tankers-grounded- 
after-yosemite-crash/ 



For another story, see item 1 
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Food and Agriculture Sector 

9. October 9, Associated Press - (Minnesota) Winona restaurant temporarily closes 
after being linked to illness. Ground Round restaurant in Winona County voluntarily 
closed October 8 after officials linked the eatery to a norovirus outbreak that has 
sickened about 30 customers. The restaurant can reopen after the facility undergoes a 
deep clean. 

Source: http://www.kaaltv.com/article/stories/S3585073.shtml?cat=10242 

10. October 8, Orangeburg Times and Democrat - (South Carolina) Peanut warehouse 
fire quickly put out. More than $700,000 worth of peanuts were burned in an October 
7 fire at a Palmetto Peanut Company warehouse in Cameron after a piece of machinery 
sparked the blaze. No structural damages or injuries were reported. 

Source: http://thetandd.com/news/peanut-warehouse-fire-quickly-put- 
out/arucle 8f5e9938-4e39- 1 1 e4-aS44-5be08 1 ba983e.html 

11. October 8, Jackson Sun - (Florida) Ammonia leak reported at Pinnacle Foods plant. 

The Pinnacle Foods facility in Jackson was shut down for about 2 hours October 8 due 
to an ammonia release that came from a leaking valve. Workers shut off the valve and 
contained the leak, and no injuries were reported. 

Source: http://www.iacksonsun.com/storv/news/local/2014/10/08/ammonia-leak- 
reported-at-pinnacle-foods-plant/ 16925611/ 

12. October 8, WKYT 27 Lexington - (Kentucky) Cleanup continues after EF-1 tornado 
confirmed in Harrison Co. Two bams were destroyed and two additional barns and 
several pieces of farm equipment were damaged on a farm in Harrison County when a 
tornado touched down October 7. Power was restored to thousands of customers near 
Cynthia after the storms knocked out service. 

Source: http://www.wkvt.com/home/headlines/National-Weather-Service-surveying- 
damage-in-Harrison-Co— 278533401.html 

13. October 8, U.S. Food and Drug Administration - (Florida) Oasis Brands, Inc recalls 
Cuajada en Hoja 12oz because of possible health risk. The U.S. Food and Drug 
Administration (FDA) announced October 6 that Miami-based Oasis Brands, Inc., 
issued a recall for 12-ounce plastic bags of its Cuajada en Hoja due to possible Listeria 
monocytogenes contamination. The recall was initiated following routine sampling by 
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the FDA, and the company ceased production and distribution while the agency 
continues to investigate. 

Source: http://www.fda.gov/Safety/Recalls/ucm418083.htm 
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Water and Wastewater Systems Sector 

14. October 8, KCPQ 13 Tacoma - (Washington) Boil-water advisory lifted for Mercer 
Island; officials encourage residents to flush pipes. A boil water advisory was lifted 
October 8 for Mercer Island after water sample results came back negative for E. coli 
or Total Coliform for the sixth day in a row. Sixty-four city restaurants reopened and 
resumed water service after closing or partially closing, and the school system will 
continue using bottled water until its water-related systems are sanitized. 

Source: http ://q 1 3fox.com/20 14/1 0/08/boil- water- advisory-lifted-for- mercer-island- 
officials-encourage-residents-to-flush-pipes/ 

15. October 8, Greensboro News & Record - (North Carolina) Pipe failure causes 
discharge of 13,000 gallons of wastewater. A pipe failure caused 13,000 gallons of 
untreated wastewater to be discharged from a sewage main into the Little Alamance 
Creek tributary of the Cape Fear River Basin in Greensboro October 7. Crews shut 
down the main and replaced a section of the pipeline. 

Source: http://www.news-record.com/news/local news/pipe-failure-causes-discharge- 
of-gallons-of-wastewater/article 976bee3c-4f2e-l Ie4-be2d-001a4bcf6878.html 

For additional stories, see items 28 and 36 
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Healthcare and Public Health Sector 

16. October 9, Philly.com - (Pennsylvania) Fire kills 1 at Elwyn Institute facility. One 
person was killed and 4 others were injured in a fire that began in a room at Smith Hall 
at Elwyn Institute in Middletown Township October 8 which prompted the evacuation 
of 38 residents of the assisted living facility for the disabled. Three wings of the 
building suffered smoke damage after crews contained the fire to one wing of the hall. 
Source: 

http://www.phillv.com/phillv/news/breaking/Fire claims life at Elwyn Institute facil 
ity.html 

17. October 7, U.S. Food and Drug Administration - (National) Hospira issues a 
voluntary nationwide recall of one lot of Vancomycin Hydrochloride for Injection 
USP, Equivalent to 1 G Vancomycin (Sterile Powder) due to uncontrolled storage 
during transit. Hospira, Inc., recalled one lot of its Vancomycin Hydrochloride for 
Injection, USP, Equivalent to 1 G Vancomycin (Sterile Powder) October 7 after the 
product was shipped improperly in an uncontrolled setting. 

Source: http://www.fda.gov/Safety/Recalls/ucm418028.htm 
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Government Facilities Sector 

18. October 9, Lower Hudson Valley Journal News - (New York) 149 Yonkers students 
sent to hospitals; mystery substance cited. Five teachers and 149 students were sent 
to area hospitals as a precaution while Yonkers Middle School in New York was 
evacuated due to an unknown noxious substance October 8. Authorities are 
investigating the incident that also sent five firefighters to a local hospital with similar 
symptoms of mild nausea and chest discomfort. 

Source: http://www.lohud.com/story/news/education/2014/10/08/vonkers-school- 
evacuated-noxious-substance/1 69 18343/ 



19. October 9, KVLY 11 Fargo - (North Dakota) Hackers breach NDSCS computers. 
North Dakota State College of Science (NDSCS) officials reported that the personal 
information, including Social Security numbers, of more than 15,000 current and 
former students and employees may have been compromised after several NDSCS 
computers were breached. The breach was discovered September 1 and authorities 
worked to secure the system. 

Source: http://www.vallevnewslive.com/story/26745237/hackers-breach-ndscs- 
computers 

20. October 9, KXTV 10 Sacramento - (California) Applegate Fire grows to 420 acres; 
1,000 homes threatened. Crews reached 20 percent containment October 9 on the 420- 
acre Applegate Fire burning along Interstate 80 in California. At least 5 homes were 
destroyed and 1,000 others remained threatened while evacuation orders were in place 
for surrounding areas. 

Source: http://www.newslO.net/storv/news/local/auburn-grass- 
vallev/2014/10/09/applegate-fire-grows-to-420-acres-containment-at-20- 
percent/1 6964467/ 

21. October 8, McAllen Monitor - (Texas) Short circuit suspends classes at Pharr IDEA 
school. Classes will resume October 14 at Pharr IDEA Public School in Texas after a 
transformer exploded due to a short circuit October 8 causing the cancellation of 
classes October 9 while crews worked to repair the damaged transformer. No injuries 
were reported and the building was safely evacuated during the incident. 

Source: http://www.themonitor.com/news/local/short-circuit-suspends-classes-at-pharr- 
idea-school/article 7b3108aa-4f5c-lle4-9184-0017a43b2370.html 



22. October 8, WRIC 8 Petersburg - (Virginia) Bomb threat closes both John Tyler 
Community College campuses. Classes at both John Tyler Community College 
campuses in Chesterfield County were cancelled October 8 due to a bomb threat. 
Authorities responded and are investigating the threat. 

Source: http://www.wric.com/storv/26734298/reported-bomb-threat-at-iohn-tvler- 
community-college 

For additional stories, see items 8 and 14 
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Emergency Services Sector 

23. October 9, WXIN 59 Indianapolis - (Indiana) Hancock County police search for 
escaped, handcuffed inmate. Authorities are searching for an inmate who escaped 
while he was being transported by van to a secure location in Hancock County Jail in 
Indiana October 9. The inmate managed to scale a fence after a brief altercation with a 
jail officer. 

Source: http://fox59.com/2014/10/09/hancock-county-police-search-for-escaped- 
handcuff ed-inmate/ 

24. October 9, WPTZ 5 Plattsburgh - (New York) Verizon Wireless 911 outage reported 
in the North Country. Crews worked to repair line problems which caused a 
disruption in wireless 9-1-1 service for Verizon customers in parts of Clinton, Essex, 
and Franklin counties October 9. 

Source: http://www.wptz.com/news/vermont-new-york/plattsburgh/verizon-wireless- 
91 l-outage-reported-in-the-north-countrv/290277 14 

25. October 9, Enid News & Eagle - (Oklahoma) 911 outage reported for some callers in 
Enid. Officials reported that 9-1-1 service for roughly 510 AT&T customers in Enid 
was restored October 9 after a disruption in service October 8. 

Source: http://www.enidnews.com/news/article 13bff798-4f21-l Ie4-afe9- 
371917ca222e.html 
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Information Technology Sector 

26. October 9, Help Net Security - (International) Aggressive Selfmite SMS worm 
variant goes global. Researchers with AdaptiveMobile identified a new variant 
of the Selfmite SMS worm for Android that spreads via malicious links in SMS 
messages that lead to a trojanized Google Plus app. The worm uses 
compromised devices to send the malicious SMS messages to every contact on 
the device several times and redirect users to unsolicited subscription Web sites. 
Source: http://www.net-security.org/malware news.php?id=288 1 

27. October 9, Securityweek - (International) Multiple vulnerabilities found in SAP 
enterprise software. Researchers at Onapsis published seven advisories for flaws in 
SAP HANA, SAP BusinessObjects, and SAP NetWeaver Business Warehouse 
enterprise software, including a remotely exploitable command injection vulnerability 
in HANA that could allow an unauthenticated attacker to completely compromise the 
SAP system and the information it handles and stores. 

Source: http://www.securitvweek.com/multiple-vulnerabilities-found-sap-enterprise- 
software 

28. October 8, Securityweek - (International) Several Siemens industrial products 
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affected by ShellShock bug. Siemens released an advisory warning that variants of the 
Shellshock vulnerability can be leveraged by attackers against several of its products 
including some versions of Rugged Operating System on Linux (ROX) 1 and ROX 2 
and APE Linux versions. The company is working on developing patches for the 
affected products. 

Source: http://www.securitvweek.com/several-siemens-industrial-products-affected- 
shellshock-bug 

29. October 8, Softpedia - (International) There is anti-BadUSB protection, but it’s a bit 
sticky. The researchers who revealed the details for infecting USB devices via the 
BadUSB vulnerability released a patch and instructions for preventing the 
reprogramming of USB devices by disabling the “boot mode” state of the device. The 
researchers stated that a patched device could be tampered with to reset it and remove 
the patch, and suggested physically securing the device with glue or similar substances 
to prevent undetected access. 

Source: http://news.softpedia.com/news/There-Is-Anti-BadUSB-Protection-but-It-s-a- 
Bit-Sticky-461485.shtml 

Internet Alert Dashboard 



To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or 
visit their Web site: http://www.us-cert.gov 

Information on IT information sharing and analysis can be found at the IT ISAC (Information Sharing and 
Analysis Center) Web site: http://www.it-isac.org 
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Communications Sector 

30. October 8, IDG News Service - (National) AT&T to pay $105 million to settle 

mobile-phone cramming charges. AT&T reached a $105 million settlement October 
8 with federal and State authorities to resolve complaints that it made millions of 
dollars through unauthorized third-party charges on customers’ cellular-phone bills. 
The settlement includes $80 million for consumer refunds and $25 million in penalties. 
Source: http://www.networkworld.com/article/2823294/lan-wan/atandt-to-pay-105- 
rnillion-to-settle-mobilephone-cramming-charges.html 
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Commercial Facilities Sector 

31. October9, Commack Patch - (New York) Fire heavily damages Commack 

businesses. Authorities are investigating the cause of an October 8 fire that heavily 
damaged four restaurants housed inside a commercial building in Commack. No 
injuries were reported. 

Source: http ://patch . com/new- york/commack/fire-heavil y-damages -commack- 
businesses-0 
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32. October 9, KTLA 5 Los Angeles - (California) Woman kidnapped by ex-boyfriend at 
gunpoint leads to ‘tense’ standoff in Torrance: Police. Guests from a Super 8 Motel 
were evacuated October 9 after a standoff began between police and a man suspected 
of kidnapping a woman, barricading himself inside the motel, and exchanging gunfire 
with police. 

Source: http://ktla.com/2014/10/09/woman-kidnapped-bv-ex-boyfriend-at-gunpoint-in- 
redondo-beach-police/ 

33. October 9, Inland Valley Daily Bulletin - (California) Loma Linda second-alarm fire 
damages strip mall. A 2-alarm fire broke out October 8 inside an under-construction 
bakery at a Loma Linda strip mall and spread through attics to nearby stores, causing 
damage to the four businesses. The stores are expected to remain closed until utilities 
are able to restore gas and electricity. 

Source: http://www.sbsun.com/general-news/20 141 009/loma-linda-second-alarm-fire- 
damages-strip-mall 

34. October 8, KING 5 Seattle - (Washington) Raw sewage forces evacuation of Ocean 
City motel. About 15 residents were displaced when a Grays Harbor judge ordered the 
closure of an Ocean City, Washington motel due to a failed septic system that caused 
raw sewage to leak into a ditch behind the motel and back up inside guests’ rooms. 
Source: http://www.king5.com/story/news/local/2014/10/08/raw-sewage-motel- 
evacuation-ocean-cit y/ 1 6952023/ 

35. October 8, Verde Independent - (Arizona) Walmart closes to investigate bomb 
threat. A Walmart in Verde was evacuated October 8 after a man phoned the store 
several times claiming that there was a bomb inside the building. Police cleared the 
scene more than 2 hours later after finding nothing suspicious. 

Source: 

http://verdenews.com/main.asp?SectionID=l&SubSectionID=l&ArticleID=62708 

36. October 8, KPRC 2 Houston - (Texas) Water main break floods SW Houston 
intersection. Crews worked October 8-9 to repair a 20-inch water main that ruptured in 
the Westbury area of Houston, leaving three apartment complexes without water 
service for several hours until the work was complete. 

Source: http://www.click2houston.com/news/water-main-break-floods-sw-houston- 
intersection/290 19102 



For another story, see item 14 
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Dams Sector 

Nothing to report 
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About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] 
summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily 
Open Source Infrastructure Report is archived for 10 days on the Department of Homeland Security Web site: 
http://www.dhs.gov/IPDailyReport 

Contact Information 

Content and Suggestions: Send mail to cikr.productfeedback@hq.dhs.gov or contact the DHS 

Daily Report Team at (703) 942-8590 

Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow 

instructions to Get e-mail updates when this information changes . 
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Contact DHS 

To report physical infrastructure incidents or to request information, please contact the National Infrastructure 
Coordinating Center at nicc@hq.dhs.gov or (202) 282-9201. 

To report cyber infrastructure incidents or to request information, please contact US-CERT at soc@us-cert.gov or visit 
their Web page at www.us-cert.gov . 

Department of Homeland Security Disclaimer 

The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform 
personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright 
restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source 
material. 
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